Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

2025-02-27...ia.exe

windows7-x64

7

2025-02-27...ia.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    27/02/2025, 23:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-02-27_4a536d5a79d6ae2382bf20b6127235d1_mafia.exe

  • Size

    8.6MB

  • MD5

    4a536d5a79d6ae2382bf20b6127235d1

  • SHA1

    35a5745456a8ee88e45c400b06e97c92b689f815

  • SHA256

    456e2d97840aa868aff95b0151d654e015fb408bb09830efd891b2d9fc4b0852

  • SHA512

    bb2cb51d665fcb65f737801883f6f98cc1832ec9a46a7923dbc163979eadacbb0717f1bfc57d5ae04f9583d5d07050dd8ae0c622a93d20a499a4425c36e569dc

  • SSDEEP

    196608:qHYiRk/OK70/iZADU91h+RzPhnJHBj7WNqGDiwn+eeCw4K4E:7DfADU91h+tbpWQGDCL

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Kills process with taskkill 1 IoCs
    defense_evasion
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-02-27_4a536d5a79d6ae2382bf20b6127235d1_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-02-27_4a536d5a79d6ae2382bf20b6127235d1_mafia.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3028
    • C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM msiexec.exe
      2⤵
      • System Location Discovery: System Language Discovery
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:3056
    • C:\Windows\SysWOW64\msiexec.exe
      "C:\Windows\System32\msiexec.exe" /i C:\Users\Admin\AppData\Local\Temp\smartbar\Installer.msi /quiet
      2⤵
        PID:2832

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\smartbar\Installer.msi
      Filesize

      7.4MB

      MD5

      fba8a6d14f51cc21ec31ca035be3ee43

      SHA1

      6def3296e3cffd838b50e6e16b73f03d5f6f9a47

      SHA256

      c5d15ea33d91d18076b67c82f258cec56c862e73aef846c2cbf37fda5b3f8d82

      SHA512

      049b4105fb7887eed61d7716569082820c748338d43cce6b16d404cf7588dbe47436d4b2b0ca954e927837b857025127018385ff0e973a252359369d4f5f9f0f

      Download Submit

    • \Users\Admin\AppData\Local\Temp\smartbar\HistoryWrapperService.dll
      Filesize

      383KB

      MD5

      02e427cace83b38829b5cdb867b078dd

      SHA1

      3b54febd0c0be63d74036b30818fdc9b925eeef0

      SHA256

      70c841b9709c5a6e26467390db7ca22ae1143a61555030908dcb5b1baaf78600

      SHA512

      4ab8a527222fde7b2fafbb2bad80e8755aa4e6a75f19dcd320e3014762ac58a69384db471d6a4386fa6cdc7c1ffb0329da77a73bc84ef4fadc52b3706d1d79e8

      Download Submit

    • \Users\Admin\AppData\Local\Temp\smartbar\Setter.dll
      Filesize

      299KB

      MD5

      f551663386ac3afb31bebb5564310147

      SHA1

      9d5d4f3ad248ca8877cd1f2305e99837a4067a32

      SHA256

      c685a8a9996f670ec0b7f7250776ec53e5618b2f29a917ecdd0e45f685bef8ac

      SHA512

      4389df690bff7c84b5ebc15b6c42e9d9352cf19607a340bc004c8c6c90935836a94d9e955eccec606119463feac36109873757d3e6826492a8d597da114e1714

      Download Submit

    • \Users\Admin\AppData\Local\Temp\smartbar\sqlite3.dll
      Filesize

      353KB

      MD5

      fec17d5fb09a03376d3aa204c65562a7

      SHA1

      2966508d76523b2c2d28713612b472e7256c66fc

      SHA256

      1e384af4479ba64bd2fa02b00603205c4b0a99a468cfa4cc33cdca7bac845bec

      SHA512

      4e250955a0b6e2a22d41cf24eecc88d3a36de1308c089d8f8ab02beed434f0ed44583f048ca2b436788b7c80ec1c7f0cd79166b3e62d040566c99aa536b9c11e

      Download Submit